diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_unix/passverify.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 1c83f1aa..624ba783 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -94,7 +94,7 @@ PAMH_ARG_DECL(int verify_pwd_hash, } else { if (pam_str_skip_prefix(hash, "$1$") != NULL) { pp = Goodcrypt_md5(p, hash); - if (pp && strcmp(pp, hash) != 0) { + if (pp && !pam_consttime_streq(pp, hash)) { _pam_delete(pp); pp = Brokencrypt_md5(p, hash); } @@ -163,7 +163,7 @@ PAMH_ARG_DECL(int verify_pwd_hash, /* the moment of truth -- do we agree with the password? */ D(("comparing state of pp[%s] and hash[%s]", pp ? pp : "(null)", hash)); - if (pp && strcmp(pp, hash) == 0) { + if (pp && pam_consttime_streq(pp, hash)) { retval = PAM_SUCCESS; } else { retval = PAM_AUTH_ERR; |